Remember Valentine’s Day 2004, when San Francisco County started issuing marriage licenses to same-sex couples?
Thousands of couples showed up. Some from the other side of the planet, some from the other side of town. The County Clerk was overwhelmed and there weren’t nearly enough wedding officiants to keep up. So they put out a call for volunteers to be deputized by the Clerk as county marriage commissioners. I volunteered and officiated at dozens of ceremonies at City Hall.
Still have my official commission hanging on my wall.
SSL/TLS (the “S” in HTTPS) and other network encryption protocols such as SSH use a technique called a Diffie-Hellman key exchange. This is a mode of cryptography where each side generates two keys: a public half and a private half. Anything encrypted with the public half is only decryptable by the associated private half (and vice versa).
You and YouTube only ever exchange the public halves of your respective key pairs. If someone snoops on the key exchange, all they can do is insert spoofed messages, not decrypt real ones.
Moreover, the key pairs are generated on the fly for each new session rather than reused. This means that even a future compromise of YouTube won’t unlock old sessions. This is a concept called forward secrecy.
Message spoofing is prevented by digital signatures. These also use the Diffie-Hellman principle of pairs of public/private keys, but with separate, longer-term key pairs rather than the ones used for encryption. The public half of YouTube’s signing key, as presented by the server when you connect to it, has to be digitally signed by a well-known public authority whose public signing key was shipped with your web browser.
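The per-session key exchange and forward secrecy described above can be seen in a short added example (not code from the original post). The group parameters `P` and `G` are toy-sized assumptions, the function names are illustrative, and the exchange is left unauthenticated, which is the gap the signatures in the last paragraph close.

```python
import hashlib
import secrets

# Toy-sized group (assumption, for illustration only). Real deployments use
# 2048-bit or larger groups, or elliptic curves such as X25519.
P = 2**127 - 1          # a Mersenne prime
G = 3

def ephemeral_keypair():
    """Generate a fresh (private, public) pair for a single session."""
    while True:
        priv = secrets.randbelow(P - 3) + 2        # 2 <= priv <= P - 2
        pub = pow(G, priv, P)
        if 1 < pub < P - 1:                        # skip degenerate values
            return priv, pub

def session_key(my_priv, peer_pub):
    """Combine my private half with the peer's public half into a key."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_session():
    """One handshake. Returns (client_key, server_key, wire)."""
    c_priv, c_pub = ephemeral_keypair()
    s_priv, s_pub = ephemeral_keypair()
    wire = (c_pub, s_pub)      # everything a passive eavesdropper records
    c_key = session_key(c_priv, s_pub)
    s_key = session_key(s_priv, c_pub)
    # The private halves are discarded when this function returns, so no
    # stored secret remains that could rebuild this session's key later.
    return c_key, s_key, wire

if __name__ == "__main__":
    for n in (1, 2):
        c_key, s_key, wire = run_session()
        print(f"session {n}: keys match={c_key == s_key} key={c_key.hex()[:16]}...")
```

Only the two public values cross the wire, and each call to `run_session()` starts from new private halves, so the key from one session says nothing about the key from another.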